In brief: Two digital rights bills landed on California Governor Gavin Newsom’s desk over the last five days. Both aimed to give California residents more control over their online affairs. The governor signed one and vetoed the other, raising questions about his normally pro-consumer stance.
Assembly Bill 2863, introduced in April, requires companies with convenient online or in-app subscription options to allow customers to unsubscribe just as quickly. Many services are simple to subscribe to, and almost all renew automatically. Meanwhile, canceling these subscriptions is difficult or, in some cases, impossible without a call to a customer service rep who inevitably gives the member the hard sell.
Governor Newsom signed AB 2863 into law on Tuesday, making it mandatory for companies with automatic renewal or continuous services to offer cancelation options within the same “medium” they used to subscribe. In other words, if a company has a webpage or app that allows you to subscribe with a click, it has to provide the same one-click option to cancel.
“AB 2863 is the most comprehensive ‘Click to Cancel’ legislation in the nation, ensuring Californians can cancel unwanted automatic subscription renewals just as easily as they signed up – with just a click or two,” said Assemblymember Pilar Schiavo, who introduced the bill to overwhelming bipartisan support and passing it with a unanimous vote.
Last Friday, Governor Newsom surprisingly rejected AB 3048. This bill was an amendment to the California Consumer Privacy Act of 2018 that would have required browsers and operating systems to make an “opt-out signal” available for users who do not want their data shared or sold. In simpler terms, developers would have to update their settings options to have an opt-out toggle for data collection. They would also have to limit the use of “sensitive information.”
Although the bill passed with considerable support – it breezed through the Assembly 31-7 and 59-12 in the Senate – Newsom vetoed the bill. While the governor’s actions seem contradictory, he reasoned that operating systems were too complex for regulators to mandate changes arbitrarily.
“To ensure the ongoing usability of mobile devices, it’s best if design questions are first addressed by developers, rather than by regulators,” Governor Newsom said in a letter to the State Assembly.
As for browsers, Newsom contends that data collection is a non-issue because users already have the means to opt out natively or through an extension. Newsom’s reasoning seems logical, but whether his constituents see the issue from the same perspective is another question.
Consumers are more concerned about information security than ever before. While global data breaches declined in 2023, they more than tripled in the US. In the last nine months, we’ve seen several severe information leaks. In many cases, the companies responsible were unwilling to own up to their security failures.
- Last December, 23andMe blamed customers for using bad passwords after hackers stole seven million user records from its database before finally admitting that the breach went on for five months under its nose.
- In March, AT&T saw 73 million customer records stolen and denied it for weeks before coming clean in April. Then it was hit again in July to the tune of 110 million records, nearly its entire customer base.
- In a similar case of denial, Microsoft left employee credentials exposed to the internet for 28 days after security researchers notified it of an unsecured server. It finally closed the hole with a simple password.
- Last month, National Public Data suffered the granddaddy of all data breaches, losing 2.7 billion US, UK, and Canadian records containing highly sensitive personal information. Whether it was a ransomware attack or just bad security hygiene, NPD isn’t saying.
So, if companies can repeatedly handle our data irresponsibly with little to no consequences other than some class action lawsuits that only enrich the lawyers, why shouldn’t they face regulatory control? These data brokers make billions selling it, and consumers get nothing but scams and the fear of identity theft.
What do you think?
Image credit: Gage Skidmore, Yomna Emara
